CodeSentry 6.2 New Feature Walkthrough

What’s New in CodeSentry 6.2 

CodeSentry, SBN News
Explore the latest features and enhancements in CodeSentry 6.2 SaaS! We are excited to announce several enhancements in the latest release of CodeSentry: Operating System and Package Analysis (Windows): Improved Package Naming accuracy where package versions are removed from the package names before they are displayed in the SBOM More ...
CodeSentry 6.1 New Feature Walkthrough

What’s New in CodeSentry 6.1 

CodeSentry, SBN News
Explore the latest features and enhancements in CodeSentry 6.1! We are excited to announce several enhancements in the latest release of CodeSentry: Operating System and Package Analysis (Windows): Detects the detailed Windows Version, Build and UBR (Update Build Revision) Reports all application and software packages installed on a Windows disk ...
Introducing BCA Marketplace: SBOM generation & management

In a world where software transparency is becoming increasingly critical, CodeSecure is helping lead the charge with the first-ever Binary Composition Analysis (BCA) Marketplace. With the enforcement of the January 2024 cybersecurity regulation under the European Union's (EU) Cyber Resilience Act (CRA), the consequences of failing to comply with Software ...
CodeSentry 6.0 New Release Feature Walkthrough

What’s New in CodeSentry 6.0 

CodeSentry, SBN News
Explore the latest features and enhancements in CodeSentry 6.0! We are excited to announce several enhancements in the latest release of CodeSentry: New Annotation Features: The N-Day Findings tab now includes options to modify vulnerability statuses and CVSS scores, and output an updated VEX file. For detailed usage, refer to ...
Log4j and the Role of SBOMs in Reducing Software Security Risk

Recent high-profile cybersecurity incidents such as the SolarWinds attack and the Apache Log4j vulnerability have exposed the threats associated with the software supply chain. These can range from fairly simple exploits of known vulnerabilities to very sophisticated attacks, sponsored by nation-state actors ...
A Practical Approach to Shifting Security Left

There are two important considerations when adding security to an existing DevOps pipeline. The first is security in code, which means that, as code is developed, the security of the code itself should be continuously reviewed and assessed. The second is security as code, in other words, security requirements need to ...
Integrations are Key to Success in DevSecOps for Embedded Development

The term DevSecOps is a contraction of developer, security and operations. Despite the buzzword hype, it does have positive implications for improving the quality, security and functional safety of embedded software applications. Many organizations have adopted DevOps over the past years and integrated their continuous integration and deployment processes. However, ...
Multi-language SAST and SCA for Android Platforms and Applications

Android is, for most people, a mobile operating system for their phone or tablet. In fact, it’s an extremely successful open source platform in general. It’s common in automobile infotainment systems and set-top boxes, and even finds its way into industrial uses. From the user’s perspective it’s an easy-to-use user ...
Securing the Software Supply Chain Goes Beyond Application Development

In July 2017, one of the biggest data breaches was due to an insecure and out-of-date web application platform. This breach would have been prevented if the Apache Struts platform the web application ran on had the most recent updates applied. This is, of course, the massive Equifax ...